Postfix forged outgoing email

Hi all,
I'm struggling with some issues with postfix and I'm hoping you guys can help.
I've used the perfect server install for ispconfig 3 ( not the 3.1 RC ). Debian 8 server.

What I found with this setup is that when I send an email with a valid login I can specify ANY email address I want and it's delivered. For instance, I setup a valid email account for the server in Thunderbird. I used the correct SMTP login details but instead of using a real email address for the account I used test@test.com. I can send out email like this and it's delivered no problem.

My concern here is that if an email password is compromised it could be used to send out spam pretty easily.

I've search around quite a bit and I can't find out how to limit the sender to the email it is verified for. How can this be done?